Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Principle of VLAN Communication

Principle of VLAN Communication

Basic Principle
of VLAN Communication

To improve the efficiency in processing
frames, frames within a switch all carry VLAN tags for uniform processing.
When a data frame reaches a port of the switch, if the frame carries
no VLAN tag and the port is configured with a PVID, the frame is marked
with the port's PVID. If the frame has a VLAN tag, the switch will
not mark a VLAN tag for the frame regardless of whether the port is
configured with a PVID.

The switch processes frames differently
according to the type of port receiving the frames. The following
describes the frame processing according to the port type.

Table 5-3 Frame processing based on the port type

Port Type

Untagged Frame Processing

Tagged Frame Processing

Frame Transmission

Access port

Accepts an untagged frame and adds a tag with the default
VLAN ID to the frame.

Discards the tagged frame if the frame's VLAN ID differs from
the default VLAN ID.

After the PVID tag is stripped, the frame is transmitted.

Trunk port

Adds a tag with the default VLAN ID to the untagged frame and
then transmits it if the default VLAN ID is permitted by the port.

Adds a tag with the default VLAN ID to the untagged frame and
then discards it if the default VLAN ID is denied by the port.

Accepts a tagged frame if the VLAN ID carried in the frame is
permitted by the port.

Discards a tagged frame if the VLAN ID carried in the frame is
denied by the port.

If the frame's VLAN ID matches the default VLAN ID and the VLAN
ID is permitted by the port, the switch removes the tag and transmits
the frame.

If the frame's VLAN ID differs from the default VLAN ID, but the
VLAN ID is still permitted by the port, the switch will directly transmit
the frame.

Hybrid port

Adds a tag with the default VLAN ID to an untagged frame and
accepts the frame if the port permits the default VLAN ID.

Adds a tag with the default VLAN ID to an untagged frame and discards
the frame if the port denies the default VLAN ID.

Accepts a tagged frame if the VLAN ID carried in the frame is
permitted by the port.

Discards a tagged frame if the VLAN ID carried in the frame is
denied by the port.

If the frame's VLAN ID is permitted by the port, the frame
is transmitted. The port can be configured whether to transmit frames
with tags.

QinQ port

QinQ ports are enabled
with the IEEE 802.1 QinQ protocol. A QinQ port adds a tag to a single-tagged
frame, and supports a maximum of 4094 x 4094 VLAN tags, which
meets the requirement on the number of VLANs.

NOTE:

Because all interfaces join VLAN 1 by
default, broadcast storms may occur if unknown unicast, multicast,
or broadcast packets exist in VLAN 1. To prevent loops, delete interfaces
that do not need to be added to VLAN 1 from VLAN 1.

Intra-VLAN
Communication

Sometimes VLAN users are connected
to different switches, in which case the VLAN spans multiple switches.
Since ports between these switches must recognize and send packets
belonging to the VLAN, the trunk link technology becomes helpful in
simplifying this solution.

The trunk link plays the following
two roles:

Trunk line

The trunk link transparently transmits VLAN
packets between switches.

Backbone line

The trunk link transmits packets belonging
to multiple VLANs.

Figure 5-7 Trunk link communication

As shown in Figure 5-7, the trunk link
between DeviceA and DeviceB must both support the intra-communication
of VLAN 2 and the intra-communication of VLAN 3. Therefore, the ports
at both ends of the trunk link must be configured to belong to both
VLANs. That is, Port2 on DeviceA and Port1 on DeviceB must belong
to both VLAN 2 and VLAN 3.

User A sends a frame to User B in the following process:

The frame is first sent to Port4 on DeviceA.

A tag is added to the frame on Port4. The VID field of the tag
is set to 2, that is, the ID of the VLAN to which Port4 belongs.

DeviceA queries its MAC address table for the MAC forwarding entry
with the destination MAC address of User B.

If this entry exists, DeviceA sends the frame to the outbound
interface Port2.

If this entry does not exist, DeviceA sends the frame to all interfaces
bound to VLAN 2 except for Port4.

Port2 sends the frame to DeviceB.

After receiving the frame, DeviceB queries its MAC address table
for the MAC forwarding entry with the destination MAC address of User B.

If this entry exists, DeviceB sends the frame to the outbound
interface Port3.

If this entry does not exist, DeviceB sends the frame to all interfaces
bound to VLAN 2 except for Port1.

Port3 sends the frame to User B.

Inter-VLAN
Communication

After VLANs are configured, users in different VLANs cannot directly communicate with each other.
To implement communication between VLANs, use either of the following
methods:

Layer 3 sub-interface

As shown in Figure 5-8, DeviceA is
a Layer 3 switch supporting Layer 3 sub-interface, and DeviceB is
a Layer 2 switch. LANs are connected using the switched Ethernet interface
on DeviceB and the routed Ethernet interface on DeviceA. User hosts
are assigned to VLAN2 and VLAN3. To implement inter-VLAN communication,
configure as follows:

On DeviceA, create two Layer 3 sub-interfaces Port1.1 and Port2.1
on the Ethernet interface connecting to DeviceB, and configure 802.1Q
encapsulation on Layer 3 sub-interfaces corresponding to VLAN2 and
VLAN3.

Configure IP addresses for Layer 3 sub-interfaces.

Set types of Ethernet interfaces connecting DeviceB and DeviceA
to Trunk or Hybrid, to allow VLAN2 and VLAN3 frames.

Set the default gateway address to the IP address of the Layer
3 sub-interface mapping the VLAN to which the user host belongs.

Figure 5-8 Inter-VLAN communication using Layer 3 sub-interfaces

Host A communicates with host C as follows:

Host A checks the IP address of host C and determines that host
C is in another VLAN.

After receiving the reply packet, DeviceA sends the packet from
host A to host C. All packets sent from host A to host C are sent
to DeviceA first to implement Layer 3 forwarding.

VLANIF interface

Layer 3 switching combines routing and
switching techniques to implement routing on a switch, improving the
overall performance of the network. After sending the first data flow,
a Layer 3 switch generates a mapping table on which it records the
mapping between the MAC address and the IP address for the data flow.
If the switch needs to send the same data flow again, it directly
sends the data flow at Layer 2 based on the mapping table. In this
manner, network delays caused by route selection are eliminated, and
data forwarding efficiency is improved.

In order for new data
flows to be correctly forwarded, the routing table must have the correct
routing entries. Therefore, VLANIF interfaces are used to configure
routing protocols on Layer 3 switches to reach Layer 3 routes.

A VLANIF interface is a Layer 3 logical interface, which can be
configured on either a Layer 3 switch or a router.

As shown
in Figure 5-9, hosts connected to the switch are assigned to VLAN 2 and
VLAN 3. To implement inter-VLAN communication, configure as follows:

Create two VLANIF interfaces on the device, and configure IP
addresses for them.

Set the default gateway address to the IP address of the VLANIF
interface mapping the VLAN to which the user host belongs.

Figure 5-9 Inter-VLAN communication through VLANIF interfaces

Host A communicates with host C as follows:

Host A checks the IP address of host C and determines that host
C is in another subnet.